Skip to main content

Leveraging cyberpsychology in our fight against cybercrime

(Image credit: Shutterstock / Golden Sikorka)

Technology such as social media has fundamentally transformed our world, shaping our lives and relationships in novel and interesting ways. Often this is for the better. For example, technology has enabled the shift to remote working and allowed us to stay in touch with loved ones throughout the pandemic. 

It has also worked to provide businesses, individuals, artists and politicians (naming no names!) with a direct line of access to their core audiences. While this has obviously been used in different ways and with varying degrees of success and ethical consideration, the principles of communicating via this method remain democractic, removing traditional means of distributing from the equation.

However, there’s also a darker side that demands our attention. The online world is an environment rife with disinformation and riddled with cybercrime. Alongside the challenges presented in our online lives, we’re also compelled to keep our online behavior in check and protect our digital selves. After all, while there is a perception of the online world as a place entirely removed from the physical, this is not a perception rooted in reality. From our bank accounts and our shopping habits, to our social media and professional accounts, the reality is that the online world represents an extension of our real lives, simply manifesting in a different way. 

The problem is, once we dig a little deeper, it’s clear that many of us behave differently online. 

Often, we take risks that we would never dare do in our everyday lives; from oversharing personal information (which may then be used against us, either in an online ‘pile-on’ or as part of a social engineering or cybercriminal campaign) to manifesting overconfidence. 

Behavior disconnect

We see it all the time. Whether indulging in a YouTube binge or scrolling mindlessly through Twitter, sooner or later you will come across an internet troll. It is highly unlikely that all of the people who are happy to send individuals the worst kinds of online abuse, from death threats to racism, would be as comfortable doing so in a ‘real world’ scenario. While browsing Instagram, you may notice your feed brimming with detailed accounts of a friend’s trip to the grocery store. Yet, should you meet the same friend for a coffee, the minutiae of their lives is unlikely to be the main thing they are hoping to communicate to you. Perhaps, you find yourself embroiled in a heated debate on Reddit, attempting in vain to convince a band of conspiracy theorists that 5G poses no health risk. 

What we have is a disconnect between how we should behave to be cyber safe and how we do behave. Why is that? Well, this is precisely one of the questions that cyberpsychology endeavors to answer. 

Initially emerging in the 1990s, cyberpsychology is a field of study that is steadily rising in prominence. It looks into the ways in which we behave and interact within cyberspace and via our various devices. Notably, how our behaviors are affected by technology and the internet. From the field of study, we gain greater insight into our conduct that might lead us to be victims of cybercrime. Likewise, on the other side of the coin, we gain insight into what drives cybercriminals.

Cyberpsychologists have identified key psychological features of technology that are worth noting: the disinhibition effect, recordability and flexible identity. The first theory offers an explanation for our tendency towards rashness and overconfidence online. From behind a screen, each one of us can easily slip into the illusion that we are anonymous or that the interactions we have on the internet are somehow ‘less real’ than those that take place face-to-face. Fuelled by this, we might assert ourselves, but also make poor decisions as we disregard the consequences. It is through this logic that we can explain why some transform into bullies and others disclose their whereabouts or intimate details online. 

Identity flexibility

Then there is the element of recordability, whereby anything and everything we do on the internet is fully documented; including content that has been shared via private chat. As the saying goes, “once on the internet, always on the internet”. Unfortunately, this is frequently underestimated, and the consequences could be devastating. With access to even a portion of this information, bad actors have enough ammunition to run a cyberattack. A common tactic is phishing, where cybercriminals gather morsels of your data to draft a sophisticated email, convincing you to click on a malicious link. 

Finally, there is the concept of ‘identity flexibility’. When we are online, the physical attributes of communication are limited. We often can’t see each other, gauge body language or decipher one’s tone of voice. And this makes it easier to express a partial picture of one’s identity or to reinvent it altogether. While there may be some benefits to this, the downside is that it gives cybercriminals all the tools to mislead us. With this identity flexibility, they can adopt a new persona to execute identity fraud or phishing scams. 

There is no doubt that the opportunities offered by the internet and technology are vast. Yet, the intangible, unknowable nature of cyberspace also makes it a dangerous environment. In the physical world, when we see an intruder in our home, we know to identify them as a threat and to respond with either fight or flight. In the online world, the threats are not so evident. Rather, they are elusive and fluid. Therefore, while the risks may be abundant, we may still feel a false sense of security. However, by striving to understand the psychology of our behavior and of hacker communities, we might better position ourselves to defend against such threats.

When it comes to the Internet, the ecosystem we have built ourselves is here to stay. It is up to us as cybersecurity professionals, and the big tech companies to ensure that individuals and companies alike are provided with the relevant information to use the internet safely and responsibly. Part of this is working to increase our collective understanding of cyberpsychology and behavior to understand why people act the way they do online.

Anete Poriete, UX Researcher, CyberSmart

Anete Poriete is a UX Researcher at CyberSmart.